Cyber Security Training by Merit Professional Development

Overview

U-M IT staff asked for IT security training, and to meet this need, Information Assurance (IA) purchased a limited number of seats in several Merit training courses throughout the 2016-17 academic year. Implementation of the university's new information assurance program, as outlined in the proposed new IT Security Policy, depends on knowledgeable staff throughout the university. Staff members from the U-M Ann Arbor, Michigan Medicine, Flint and Dearborn campuses were invited to attend.

Course Information

Capture the Flag Guided Exercise

  • Status: In Progress
  • Audience: Information Assurance security staff
  • Total Sessions: Seven
  • Format: After a guided session, participants complete online exercises over a six-week period.
  • Description: This one-of-a-kind event is a hands-on Capture The Flag (CTF) experience coupled with real time training on the tools and operating systems needed to successfully work through a series of challenges. Six modules allow students to learn the fundamentals of hacking tools, techniques, and methodologies, as well as how to use open source tools to fire off live attacks on networked systems in real time.

The Threat at Your Doorstep: Cybersecurity for Executives

  • Status: Complete
  • Audience: IT leadership in IT Commons, Michigan Medicine IT and ITS
  • Total Sessions: Four
  • Format: ½ day session
  • Description: Provided information about the current threat landscape, social engineering, critical controls, common attack vectors and more. Participants walked away with an in-depth overview of various types of hackers, social engineering attacks and the role of security training programs. Attendees also participated in a live phishing attack demo.

Secure Coding Workshop

  • Status: Complete
  • Audience: Application developers who work on university-wide or unit systems
  • Total Sessions: Three
  • Description: This workshop delivered a detailed overview into fundamentals of security and secure coding. This half-day workshop featured instructor-led lectures and hands-on exercises, in which students learned how to identify security flaws early in the development process and how to design and code to eliminate these flaws. All examples and lessons were presented in a variety of high-level concepts and programming languages.

The Threat at Your Doorstep: Cybersecurity for Technicians

  • Status: Complete
  • Audience: U-M IT security professionals.
  • Total Sessions: Four
  • Description: This seminar focused on areas such as the current threat landscape, social engineering, critical controls, common attack vectors and more. Participants walked away with an in-depth overview of various hackers types, the nature and role of training programs and an exploration of social engineering. Attendees also participated in a live phishing attack demo.

Certified Secure Web Application Engineer (CSWAE)

  • Status: In Progress
  • Audience: By invitation-only. Web application developers were invited.
  • Total Sessions: Two
  • Description: The multi-day cybersecurity course is designed to equip attendees with the knowledge and tools needed to identify and defend against security vulnerabilities in software applications.

    Students will put theory to practice by completing real world labs that include testing applications for software vulnerabilities, identifying weaknesses in design through architecture risks analysis and threat modeling, conducting secure code reviews and more. On the final day of training, students will complete a real world hacking exercise on a live web application.